The ForgeRock Platform Big Picture
DESCRIPTION
ForgeRock's VPs of Engineering and Product Management, and lead architect, discuss the big picture and futures of the ForgeRock IRM platform.
TRANSCRIPT
IRM Summit 2014
Open Identity Stack
Evolution To IRM
Employees
Consumers
Employees & Partners
Things
Perimeter
Perimeter Federation
Perimeter-less Federation
Cloud / SaaS
Perimeter-less Federation
Cloud
SaaS
Mobility
Attributes
Context
Stateless
Relationships
ForgeRock Products
Unified, Scalable, Open Source IAM Solutions
Contextual-Based Access Management
Hybrid Cloud and Enterprise Identity Management
Internet Scale Directory Services
Identity-Aware Application Gateway
ForgeRock Stack
Portals, applications, web services, APIs
• Registration & Self-Service
• Auditing & Compliance
• Workflow & Reporting
• Native connectors
• REST API
• Authentication & session
• Authorization & policy
• Entitlements
• Federation
• REST API
• Identity Store
• Directory Proxy
• REST API
Partners
• Reverse Proxy
• App / Mobile Gateway
Legacy Apps
ICF
• Identity Connector Framework
Identity Administration
Access Management
Identity Data
• Provisioning
• SSO
Cloud Apps
Consumers & Customers
Enterprise Apps
Devices & Things
• Federation
Data Centers
• HA • Replication
CloudConnect
OpenIG
Leading Stack Vendors
Acquisition Architecture – Employee Scale – Massive TCO
Access Manager
Identity Federation
Identity Manager
Mobile Security Suite
Directory Server
Entitlements Server
Enterprise SSO
Identity Governance
Adaptive Access
Web Services Security
Enterprise Apps
Mobile Apps
Things
ForgeRock Vision
Simple
Scalable
Modular
Embeddable
Common REST framework
Common UI model
Community participation
Integrated Stack Components
■ ForgeRock REST (CREST)
■ ForgeRock HTTP Framework
■ AuthN and AuthZ Filters
■ ForgeRock UI
■ OpenID Connect, OAuth, SAML2
■ API Descriptors
■ Scripting
OpenAM
ForgeRock REST (Commons REST)
Protected Resources
Web Agents
JavaEE Agents
Web Services Agents
User Interface
End User
ForgeRock UI Framework
Core Services
Authentication, Entitlements, Session, Audit, OAuth
Core Token Service, OpenID Connect, Configuration
Scripting, User Management
Secure Token Service, XACML, Federation
SPIs
Authentication Plugins
Policy Plugins
User Mgmt Plugins
Token Service Plugins
Federation Plugins
Persistence (OpenDJ)
Universal Gateway
Management
OpenIDM
OSGI
Persistence (OrientDB)
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (Javascript, Groovy)
Authentication Filter (JASPI)
Jetty Web Server
Configuration, Managed Users, Sync/Recon, System (Connectors)
Scheduler, Task Scanner, Audit/Logs
Policy, Audit
OpenDJ
User Interface
End User, Management
ForgeRock UI Framework
ForgeRock REST
Core Server
Replication, Auditing, LDAPv3, Caching, Monitoring
Password Policy, Groups, Schema Management, REST2LDAP, Access Control
Backend Services
Persistence, Connectors, LDIF, Memory, Change Log
Java SDK / LDAPv3
Web Application
REST2LDAP
ForgeRock REST
OpenIG
Core Processing
Http Framework
HTTP Framework
Cookies, Headers, Search Extract, Crypto
Routes
OpenID Connect, OAuth2, SAML2, Scripting
Audit
Filters
Handlers
OpenIDM Architecture
OSGI
Persistence (OrientDB)
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (Javascript, Groovy, Java)
Authentication Filter (JASPI)
Jetty Web Server
Configuration, Managed Users, Sync/Recon, System (Connectors)
Scheduler, Workflow, Audit/Logs
Policy, Audit
OpenIDM Architecture
… architecting a next generation stack
RESTful API for Internet Scale
ForgeRock REST Router
Create, Read, Update, Delete, ...
Addressable (URI/URL)
system/ldap/account
Resource
Route to resources
Consistent Internal & External Access
ForgeRock REST Router
Business Logic (Javascript, Groovy, Java)
Jetty Web Server
Automatic HTTP Mapping
GET → read
PUT → update, ...
UI, console, cli, ..
Java or scripting calls
openidm.read()
openidm.update(), ...
Modular, Pluggable
OSGI
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (Javascript, Groovy, Java)
Authentication Filter (JASPI)
Jetty Web Server
Configuration
System (Connectors)
Modules
Service registration
system/google/account
config/schedule/x
Common Enforcement Point
OSGI
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (Javascript, Groovy, Java)
Authentication Filter (JASPI)
Jetty Web Server
Policy, Audit
Common authentication framework
Cross cutting filters, authorization, enforcement, ...
Core Modules
OSGI
Persistence (OrientDB)
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (Javascript, Groovy, Java)
Authentication Filter (JASPI)
Jetty Web Server
Configuration, Managed Users, Roles..., Sync/Recon, System (Connectors)
Scheduler, Workflow, Audit/Logs
Policy, Audit
Flexible Data Model
OSGI
Persistence (OrientDB)
ForgeRock UI Framework
ForgeRock REST Router
Business Logic (Javascript, Groovy, Java)
Authentication Filter (JASPI)
Jetty Web Server
Managed Users, Roles...
Policy, Audit
Really, Managed Object
PUT managed/phone/x
{ "sim" : "...", "IMEI" : "...", … }
Facilities work on different types
API Strategy
Conscious, proactive design
Developer-focused
Consistent
Easy to use
Modern
JSON
REST
ROA
CREST API
CREST Framework
AuthN and AuthZ Filters
Open Identity Stack UI Model
■ “Single-Page Web App” style
■ Single UI model for all products
■ Built on ForgeRock REST (CREST)
■ Common UIs for:
  – User management
  – Registration and Self Service
  – Login and Password Reset
■ Build on shared services for Authentication
ForgeRock UI Library Stack
jQuery (General utility) + jQuery UI (Widgets)
Backbone.js + Require.js (Modular MVC Architecture)
Handlebars.js (Templating)
Underscore.js (General utility)
Less.js (CSS preprocessor)
Built on ForgeRock REST and Common Services
Caters to the web developers of today
Demo
■ OpenAM as the IDP
■ OpenDJ as the User and Config Store
■ OpenIDM provisioning to DJ
■ Commons
  – ForgeRock REST in OpenAM, OpenIDM, OpenDJ
  – Filters protecting OpenIDM
  – ForgeRock UI in OpenIDM and OpenAM
Questions?